< ciso brief />

All news with #supply chain compromise tag

416 articles · page 9 of 21

Malicious PyPI Spellchecker Packages Deliver Python RAT

⚠ Aikido researchers discovered two malicious PyPI packages, spellcheckerpy and spellcheckpy, that posed as spellcheckers but contained a Base64-encoded downloader and a Python remote access trojan (RAT). The payload was hidden inside the Basque dictionary archive resources/eu.json.gz and decoded when the package’s test_file() extraction was invoked. Early releases only decoded the payload; spellcheckpy v1.2.0 (published Jan 21, 2026) introduced an obfuscated trigger that executes the payload, and the packages were downloaded just over 1,000 times before removal.

Holes in npm and Yarn let attackers bypass defenses

🔓 npm and yarn contain vulnerabilities, dubbed PackageGate, that Koi Security researcher Oren Yomtov says can bypass defenses introduced after the Shai-Hulud campaign by allowing lifecycle scripts to run and lockfile integrity to be evaded. pnpm, vlt and Bun have addressed the issues; npm and yarn have not applied comparable fixes. GitHub and npm maintain some behaviors are intentional—particularly that installing git dependencies with a prepare script will trigger installs—which Yomtov disputes. Developers are advised to prefer patched managers, follow the post-Shai-Hulud guidance, and keep tooling current.

eScan update breach distributes multi-stage malware

🛡️ Morphisec Threat Labs has identified a critical supply-chain compromise of MicroWorld Technologies’ eScan antivirus discovered on 20 January 2026, in which malicious updates were delivered via the vendor's legitimate update infrastructure. The trojanized 32-bit executable, allegedly signed with a compromised certificate, deployed a downloader and a 64-bit backdoor, established persistence and implemented anti-remediation controls to block further updates. Morphisec reported blocking the activity on protected systems and urged immediate investigative and remediation actions for affected organizations.

Malicious VS Code AI Extensions Exfiltrate Developer Data

⚠️ Koi Security researchers uncovered two malicious Microsoft Visual Studio Code extensions marketed as AI coding assistants that also exfiltrate developer files to China-based servers. The extensions — ChatGPT - 中文版 (whensunset.chatgpt-china, 1,340,869 installs) and ChatGPT - ChatMoss(CodeMoss) (zhukunpeng.chat-moss, 151,751 installs) — function normally while encoding every opened file and edits in Base64 and sending them to aihao123[.]cn. The campaign, dubbed MaliciousCorgi, includes remote-triggered bulk exfiltration and a hidden zero-pixel iframe that loads Chinese analytics SDKs to fingerprint users. Remove suspicious extensions, audit workspaces, and follow supply-chain hardening guidance.

Malicious AI VSCode Extensions Exfiltrate Developer Data

⚠️ Researchers from Koi found two malicious AI-style extensions on the VSCode Marketplace — ChatGPT – 中文版 and ChatMoss — that together have 1.5 million installs and silently transmit developer files to China-based servers. The extensions implement three distinct data-collection methods: real-time file reads and Base64 exfiltration via hidden webviews, a server-controlled file-harvest command that can steal up to 50 files, and a zero-pixel iframe that loads commercial analytics SDKs for fingerprinting and behavioral tracking. At publication both extensions were still available and Microsoft had not responded to inquiries.

CISA Adds Four Actively Exploited Flaws to KEV Catalog

⚠️ CISA added four vulnerabilities to its Known Exploited Vulnerabilities (KEV) catalog after evidence of active exploitation, including a high-severity PHP remote file inclusion in Zimbra (CVE-2025-68645) and an authentication bypass in Versa Concerto (CVE-2025-34026). One entry describes a supply-chain compromise that trojanized eslint-config-prettier and six related npm packages to deliver a malicious DLL. Federal agencies are required to remediate under BOD 22-01 by February 12, 2026.

Malicious PyPI Package Impersonates SymPy, Deploys Miner

🔍 A malicious PyPI package named sympy-dev was found impersonating SymPy, copying the legitimate project's description to trick users; it has been downloaded over 1,100 times since its January 17, 2026 publication. Socket's analysis shows select symbolic-math routines were modified to retrieve a remote JSON configuration and download an ELF payload that launches an XMRig miner. The backdoor executes the ELF binary directly in memory via memfd_create and /proc/self/fd to reduce on-disk artifacts and only triggers when specific polynomial functions are invoked to remain stealthy.

North Korean 'PurpleBravo' Campaign Targets 3,136 IPs Globally

🔍 Recorded Future's Insikt Group links a widespread North Korean campaign, dubbed PurpleBravo, to the targeting of 3,136 individual IP addresses via fraudulent job interviews that prompted candidates to run malicious code. The activity, observed from August 2024 to September 2025, affected 20 organizations across AI, crypto, finance, IT services, marketing, and software development in Europe, South Asia, the Middle East, and Central America. Security firms including Jamf Threat Labs reported abuse of VS Code projects, malicious GitHub repos and fake LinkedIn personas to deliver malware such as BeaverTail and a Go-based backdoor, increasing supply-chain and corporate-device risks.

Contagious Interview: VS Code Used as Attack Vector

⚠️ Threat actors tied to DPRK-backed Contagious Interview are weaponizing Visual Studio Code project configurations to execute malicious payloads when developers open and trust cloned repositories. Jamf Threat Labs observed attackers embedding commands in tasks.json that spawn shell processes to fetch and run obfuscated JavaScript via Node.js, establishing a persistent backdoor that can survive closing the IDE. Users should vet unfamiliar repos, inspect task and package files, and avoid running npm install without review.

EU Proposes Cybersecurity Act 2.0 to Strengthen EU Defenses

🔒 The European Commission has proposed an update to the Cybersecurity Act, published on 20 January, to address shortcomings in the original regulation. The package aims to streamline the European cybersecurity certification framework, introduce a trusted ICT supply chain security framework across 18 critical sectors, and require certification schemes to be developed within 12 months by default. It also expands ENISA's powers to lead incident support, vet suppliers, and pilot skill attestation.

EU Commission Proposal Would Allow Bans on High-Risk Vendors

🔒 The EU Commission has proposed a legal mechanism to ban network-equipment vendors it considers high-risk, a move widely seen as targeting Chinese firms such as Huawei and ZTE though the draft does not name specific companies. The plan would let Brussels require member states to replace prohibited technology in critical infrastructure within three years. It would also strengthen ENISA with additional staff and funding to coordinate EU-wide cybersecurity and ransomware defenses.

DPRK-linked Actors Abuse VS Code Tasks to Deliver Backdoor

🚨 Jamf Threat Labs and other researchers observed DPRK-linked actors using malicious Visual Studio Code project repositories to deliver a multi-stage backdoor enabling remote code execution. The campaign abuses VS Code task configuration files (runOn: folderOpen) to fetch obfuscated JavaScript from Vercel and deploy implants named BeaverTail and InvisibleFerret. Targets are lured to clone and open repository-based job assessments, and on macOS the chain uses nohup/curl to run Node.js payloads that persist beyond the IDE.

Evelyn Stealer Targets VS Code Extensions, Harvests Data

⚠️ Trend Micro detailed a campaign using a new information stealer, Evelyn Stealer, that abuses the Visual Studio Code extension ecosystem to harvest developer secrets. Malicious extensions drop a downloader DLL (Lightshot.dll) which launches a staged executable (runtime.exe) and injects the stealer into a legitimate process (grpconv.exe) to run in memory. The malware collects credentials, cookies, crypto wallets, screenshots, Wi‑Fi data and system metadata, then exfiltrates compressed archives to an attacker-controlled FTP server.

Weekly Recap: Fortinet Exploits, RedLine & Emerging Threats

⚡ This week’s roundup highlights active exploitation of a critical Fortinet FortiSIEM vulnerability (CVE-2025-64155) that can lead to full appliance compromise, alongside new malware and supply-chain concerns. Researchers also disclosed a clipboard‑hijacking campaign distributed by RedLineCyber and a Reprompt attack that targeted Microsoft Copilot via P2P prompt injection. Other notable items include a cloud-native Linux framework called VoidLink, disruption of the RedVDS criminal service, and an AWS CodeBuild misconfiguration that raised supply‑chain risks. Defenders should prioritize patching high-severity CVEs, harden CI/CD configurations, and treat AI/chatbot integrations and exposed devices as part of the attack surface.

Python libraries for Hugging Face models enable RCE

⚠️ Researchers at Palo Alto Networks' Unit 42 disclosed critical weaknesses in the NeMo, Uni2TS and FlexTok Python libraries used with Hugging Face models, where malicious code can be hidden in model metadata and executed automatically when a manipulated file is loaded. The root cause is the use of Hydra's instantiate(), which accepts arbitrary callables and arguments and can therefore permit remote code execution if metadata is untrusted. Vendors including NVIDIA, Salesforce and the maintainers of FlexTok have issued fixes and CVE assignments; users should upgrade affected libraries and audit models before loading.

TamperedChef malvertising drops trojanised PDFs globally

🔒 Sophos researchers warn that the TamperedChef malvertising campaign is delivering trojanised PDF manuals and fake downloads to organisations worldwide. Attackers use malicious adverts and promoted search results to trick users searching for technical manuals into installing an infostealer that harvests browser-stored credentials and contacts a C2 server. A second-stage payload, ManualFinderApp.exe, is a trojanised application that acts as both an infostealer and a persistent backdoor. The campaign employs delayed activation, staged payload delivery and code-signing abuse to evade detection; organisations should avoid clicking advert links and obtain software only from official vendor sites.

AWS CodeBuild regex flaw enables supply-chain compromise

🔒 Researchers at Wiz found a subtle misconfiguration in AWS CodeBuild build-trigger handling that could let unauthenticated actors infiltrate build environments and leak credentials. A two-character mistake in an unanchored regex filter let threat actors bypass the actor-ID check, putting public repositories such as the AWS JavaScript SDK at risk. AWS patched the issue within 48 hours, hardening CodeBuild and auditing public build logs. Wiz recommends anchored regexes, fine-grained PATs, and stricter build gates to reduce exposure.

AWS CodeBuild Misconfiguration Exposed GitHub Repos

⚠️ A critical CodeBuild misconfiguration, dubbed CodeBreach by Wiz, could have allowed attackers to take over several AWS-managed GitHub repositories, including aws-sdk-js-v3, by bypassing webhook actor ID filters. The flaw—missing ^ and $ anchors in regex filters—enabled unauthorized build triggers and potential leakage of privileged GitHub tokens. AWS fixed the issue in September 2025, rotated credentials, implemented mitigations, and reported no evidence of exploitation.

CodeBuild Misconfiguration Threatened AWS Console SDK

⚠️ A critical CodeBuild misconfiguration discovered by Wiz Research allowed untrusted pull requests to run privileged builds, enabling potential injection of malicious code into core AWS repositories—including the AWS SDK for JavaScript that underpins the AWS Console. The flaw was an unanchored regex in an ACTOR_ID webhook filter that let attacker-controlled GitHub IDs bypass restrictions and access credentials stored in build memory. AWS patched the issue within 48 hours, revoked exposed credentials, added protections to block memory-based credential theft and introduced a Pull Request Comment Approval build gate. Wiz advises blocking untrusted PRs, using fine‑grained tokens and anchoring webhook regexes.

From typos to takeovers: npm supply‑chain attack escalation

🔐 The npm ecosystem has shifted from simple typosquatting to coordinated, credential-driven supply‑chain intrusions that target maintainers, CI pipelines, and trusted automation. Attackers now compromise legitimate packages via stolen tokens and publish trojanized updates that quietly propagate to millions of downstream projects. Detection increasingly requires runtime and anomaly analysis rather than static scanning, while mitigations focus on treating CI runners as production assets, aggressively rotating and scoping publish tokens, disabling unnecessary lifecycle scripts, and pinning dependencies to immutable versions.